A software application within a computer's operating system typically performs a set of well-defined tasks. During the execution of the software application, the computer's operating system may create one or more new ‘processes’. Sometimes, a new process is a sub-program. Hence, it is not surprising that during the execution of a process (e.g. a software application), the operating system may create a set of new sub-processes, which in turn may require the creation of their own sub-processes, and so on, until the entire process has completely executed.
If an operating system creates a sub-process while executing a given process, then this sub-process is called the ‘child process’ of the given process, which in turn is called the ‘parent process’. In particular, when a child process is created, it can communicate with its parent process through an allotted communication channel, to send and receive information regarding the tasks that need to be performed.
Since the above-mentioned phenomenon of creating sub-processes is fairly common among most, if not all, operating systems, certain computer viruses, denial of service attacks and other malicious systems often try to create malicious processes. These malicious processes can then claim to be the child processes of a legitimate parent process that executes as a part of the software application. Furthermore, they can start sending incorrect results to their parent processes, their sibling processes and even their child processes. These malicious processes may also perform undesired tasks, thereby degrading the efficiency of the operating system and other systems within the computer system. Although malicious processes are the more likely to claim to be legitimate child processes of a ‘true’ parent process, the above-mentioned phenomenon can also occur with ‘new processes’ that have gone awry. In some instances, a sub-process may claim to be the child process of one parent process when it is actually the child process of another.
It would be beneficial if a method existed that could identify a legitimate child process with respect to its parent process before the child process can communicate with the parent process and before the parent process relies on the requesting child process.